Hey folks - I'm thinking about adding support for the OAuth WRAP protocol to Shindig. OAuth WRAP was an early predecessor to OAuth 2. OAuth 2 is still a moving target, but OAuth WRAP is final, and there are implementations in the wild.
The relevant shindig code is all in OAuthRequest.java. This is entirely about outbound requests from Shindig, not inbound requests. OAuth WRAP is fairly similar to the Scalable OAuth Extension, which is already implemented in Shindig. I'd only implement the web app profile of OAuth WRAP; that's the only interesting one for gadgets. I'd expect the OAuth WRAP code to move readily to OAuth 2 once OAuth 2 is finalized. The web app profile has seen lots of parameter name changes, but the basic protocol steps have been constant for a few months now. The major functional gap between OAuth WRAP and OAuth2 is cryptographic signing; there are many key OpenSocial features that won't work until we've got a solid design for that. I'd expect OpenSocial to use one of the OAuth2 assertion profiles. At any rate, that work would not be done first. Thoughts on this? Cheers, Brian
